sneak/upaas
1
0
Fork 0
Code Issues 21 Pull Requests 2 Actions Packages Projects Releases Wiki Activity
4247162d30
upaas/internal/handlers
History
clawbot b1dc8fcc4e Add CSRF protection to state-changing POST endpoints 
Add gorilla/csrf middleware to protect all HTML-serving routes against
cross-site request forgery attacks. The webhook endpoint is excluded
since it uses secret-based authentication.

Changes:
- Add gorilla/csrf v1.7.3 dependency
- Add CSRF() middleware method using session secret as key
- Apply CSRF middleware to all HTML route groups in routes.go
- Pass CSRF token to all templates via addGlobals helper
- Add {{ .CSRFField }} / {{ $.CSRFField }} hidden inputs to all forms

Closes #11
2026-02-15 14:17:55 -08:00
..
app.go Add CSRF protection to state-changing POST endpoints 2026-02-15 14:17:55 -08:00
auth.go Add CSRF protection to state-changing POST endpoints 2026-02-15 14:17:55 -08:00
dashboard.go Add CSRF protection to state-changing POST endpoints 2026-02-15 14:17:55 -08:00
handlers_test.go Fix repository cloning when running inside a container 2025-12-29 17:02:01 +07:00
handlers.go Add CSRF protection to state-changing POST endpoints 2026-02-15 14:17:55 -08:00
healthcheck.go Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00
setup.go Add CSRF protection to state-changing POST endpoints 2026-02-15 14:17:55 -08:00
webhook.go Initial commit with server startup infrastructure 2025-12-29 15:46:03 +07:00